Security – Nmap / Batch: alert if only ports usually closed are opened

Tags: batch-file, nmap, port, security

Context

I check open ports on my server with a scheduled batch file:

nmap.exe server1 server2 server3 etc >> log.txt

Usually 21, 22, 80, 443 and 3389 are open.

Now I want to send an email if only other ports are open.

I saw there is Nmap Script Engine but I didn't find examples to understand… Also I would like to use batch if possible because I have already developed email mailings with this language (Blat).

Questions

  • How to filter "all ports except 21, 22, 80, 443, 3389"?
  • How to develop "for server x, if one port is open, send email"?

Best Answer

Sounds like a fairly simple script, though if you're going to scan all 65535 ports you're going to find that it takes a while for the scan to complete.

The Nmap Reference Guide is your friend here. The "greppable" output option (-oG) produces a file that is easy to parse with grep or Windows findstr.exe. You should be able to use these tools to filter the output to exclude the "expected ports" and send email (using something like blat) based on the remaining output.
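As an added example that is not part of the original answer, here is one way to put those pieces together in a single batch file: nmap writes greppable output, findstr picks out the per-host "Ports:" lines, the expected ports are filtered out, and blat mails whatever is left. It assumes nmap.exe and blat.exe are on the PATH; the server names, the mail server and the addresses are placeholders to replace.

```batch
@echo off
setlocal EnableDelayedExpansion
rem Added example, not the original answer's code. nmap.exe and blat.exe are
rem assumed to be on the PATH; server names and mail settings are placeholders.

set "SERVERS=server1 server2 server3"
rem expected ports, padded with spaces so " 22 " cannot match " 2 " or " 222 "
set "EXPECTED= 21 22 80 443 3389 "
set "SCAN=%TEMP%\portcheck.gnmap"
set "ALERT=%TEMP%\portcheck_alert.txt"
set "FOUND=0"
if exist "%ALERT%" del "%ALERT%"

rem -oG gives one "Host: ... Ports: ..." line per host, --open keeps only
rem open ports, -p- scans all 65535 TCP ports (slow, as the answer warns).
nmap.exe -p- --open -oG "%SCAN%" %SERVERS% >nul

rem findstr keeps only the lines that carry a port list
for /f "usebackq delims=" %%L in (`findstr /c:"Ports:" "%SCAN%"`) do (
    set "LINE=%%L"
    rem second whitespace-delimited field is the host address
    for /f "tokens=2" %%H in ("!LINE!") do set "HOST=%%H"
    rem drop everything up to and including "Ports: "
    set "PORTS=!LINE:*Ports: =!"
    rem remove parentheses from the trailing "Ignored State: closed (n)" part
    rem so the plain FOR below sees only harmless words
    set "PORTS=!PORTS:(=!"
    set "PORTS=!PORTS:)=!"
    rem plain FOR splits on spaces and commas; each item is port/state/proto/...
    for %%T in (!PORTS!) do (
        for /f "tokens=1,2 delims=/" %%N in ("%%T") do (
            if "%%O"=="open" (
                rem is this port in the expected list?
                echo "%EXPECTED%" | findstr /c:" %%N " >nul
                if errorlevel 1 (
                    rem redirect first, so a one-digit port is not read as a handle
                    >> "%ALERT%" echo !HOST!: unexpected open port %%N
                    set "FOUND=1"
                )
            )
        )
    )
)

rem only mail when at least one server showed an unexpected open port
if "%FOUND%"=="1" (
    blat.exe "%ALERT%" -t admin@example.com -f portcheck@example.com ^
        -s "Unexpected open ports" -server smtp.example.com
)
endlocal
```

Run it from the scheduler in place of the current nmap line; the alert file lists one line per host and unexpected port, and it is only sent when something outside 21, 22, 80, 443 and 3389 is open. Ports in the expected list are never reported, so a server where 22 has silently gone closed would not trigger a mail with this script; that would need a separate check.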